spycraft2fandomcom-20200214-history
Hacking
__NOEDITSECTION__ Most computers that contain valuable information or control important peripherals feature at least marginal security, which must be bypassed before the system may be used in any way (even for mundane or uncomplicated tasks). This type of Dramatic Conflict begins when a hacker (the'Predator') sets out to manipulate a computer system guarded by a human user (the Prey). Alternately, it begins when two or more hackers conduct “net warfare,” attempting to damage or disable each other’s computers through remote commands. These activities benefit from special programs (see page 227), but a skilled computer user can make do without. Predator Skill: Computers (Int). This check possesses the Concentration, Hands-On, and Vision tags. Prey Skill: Computers (Int). This check possesses the Concentration, Hands-On, and Vision tags. Basics Unmonitored Systems When no human user guards a system, hacking becomes a Complex Task with a number of Challenges equal to the system’s Power Rating and a Computers (Int) DC equal to the Computers skill bonus of any known Sys-Op + 10 (if no Sys-Op is known, the DC is equal to the team’s current Threat Level + 15). The GC may also use this alternate system if he wants to speed up or reduce the risk of any hacking attempt. System Access Possibly the most important factor during a hack is the invading user’s ability to access the target system. Accessing a computer indirectly — via the Internet, a satellite uplink, quark toggles, or another mundane or super-science contrivance — is considered External Access, and may encounter firewalls and similar protective software (in a mundane setting), or anything from advanced particle collection to artificially intelligent guardians (in an exotic, gadget-driven, or near-future setting). Accessing a computer directly — at a terminal with unprotected access to the central system — is considered Internal Access, and presents an unparalleled advantage, making physical infiltration a worthy first step in any hacking scenario. In some cases, as when a system is physically isolated from the outside world, Internal Access becomes a necessity. Internal Access does not grant the invading user free rein — he must still bypass or navigate password protection, encryption, elaborate file structures, and other obstacles (in a mundane setting), or telepathic triggers, DNA samplers, and worse (in a fantastic setting). Hacking Lead During a hacking attempt, the Lead represents the passwords, electronic checkpoints, or other security measures between the Predator and his goal. Each point of Lead gained strengthens the system’s defenses, while each point lost strips lays another part of the system bare to the Predator’s manipulation. Starting Lead A hacking attempt’s starting Lead is equal to the Security Power Rating of the target system (maximum 9). If the Predator has previously installed a back door in the system, the starting Lead is equal to the Lead at which the back door was installed + 1 (see page 373). Multiple Hacking Participants When more than two participants are involved in a hack, the GC designates each as part of a “Predator group” or “Prey group.” Each group makes a single opposed cooperative check during Step 2 of each Conflict round. Hack Timing Contrary to the way it is portrayed in popular fiction, hacking is a time-consuming and laborious process, competing with billions of dollars spent every year advancing the science of system security. Fortunately for hackers everywhere, the fundamental need to make a system accessible to its legitimate operators ensures that every system has some way in. Hackers approach these basic “flaws” with an arsenal of tools ranging from bribing and blackmailing system operators to deducing a Prey's password from personal information to making brute-force attacks with massive processing power. This process accelerates as a system’s outer defenses are stripped away, until the hacker and system are making split-second decisions at the final barrier. Thus, during a hacking attempt, the time required for each Conflict round is determined by the current Lead, the invading user’s access to the target system, and the relative power ratings of the intruder’s computer and the target system, as shown on Table 6.6: Hack Timing. Both the Predator and Prey must be involved for a minimum of 1/2 this time, rounded down (minimum 1 round). When a hacking attempt and combat are run simultaneously, Step 1 of the hack occurs before the combat’s first Initiative Count, and Steps 2–3 occur at the start of the Predator’s Initiative Count. Step 4 is spread across the entire combat round, with each participant taking action during his Initiative Count. Hacking Strategies Available Strategies are determined by each user’s computer Power Rating, as well as the software at his disposal, as shown on Table 6.7: Hacking Strategies. In some cases, a participant’s choice of Strategy changes the skill he uses to make the Conflict round’s opposed skill check. Unless otherwise specified, when an invading user accesses a terminal connected to the target system, its Power Rating is assumed to be equal to that of the system –2 (minimum 1). ''Code Slinging'' The participant uses common tactics to undermine or reinforce the target system’s security. ''Core Counter-Measures'' The Prey brings the full strength of his system to bear, hoping to keep the invader at bay, or even squash him like a bug. ''Hard Reboot'' Convinced of an imminent security breach, the Prey tries to shut down all system access. ''Index Snatch'' The Predator attempts to pry a file out of the target system using an indirect — and seemingly legitimate — request. Tracking and countering these elusive attacks is one of the most taxing parts of a Prey's job. ''Insert Packet'' The Predator tries to drop off a little gift in an unused part of the system. ''Inverse Query'' The Prey tries to coax the invader to give up vital information in exchange for continued access. ''Kernel Interrupt'' The Predator tries to seize momentary control and vanish to a new part of the system. 'L337 Moves The participant uses his significant system power to wear down his opponent, undermining his confidence and exploiting every mistake he makes. ''Magic Bullet'' The Predator catches sight of a chink in the system’s armor, and may exploit it to locate or defeat his opponent. ''Master Cracker'' The participant’s uncanny insight allows him to reshape any struggle in the machine. If a character possessing the master cracker class ability wins an opposed skill check using this Strategy, he may spend 1 use of the ability to choose any 1 Advantage, plus 1 additional Advantage per 4 by which he wins the check. He may not choose the Victory Advantage as part of this package. ''Phone Phreak'' The participant analyzes communication system traffic, hoping to get a better sense of the situation. ''Play Through'' The participant plays various routing games to conceal his whereabouts. ''Security Alert'' The Prey harasses the Predator by distributing his silhouettes across the system. ''“Shall We Play A Game?”'' The participant attempts to occupy his opponent with endless processing loops as he launches a desperate gambit elsewhere in the system. ''Social Engineering'' The participant focuses his attack on the opponent rather than the opponent’s machine, hoping to outwit him directly. ''Trojan File Marker'' The Predator tries to forge a semi-legitimate access point he can later use at his leisure. ''Virus Salvo'' The Prey unleashes a barrage of viruses in an attempt to cripple the invading Predator or seize control of his system. Hacking Advantages ''Back Door'' The Predator may either eliminate one of the Prey’s silhouettes (shaking the Prey’s running invader profile), or install a back door at the current Lead. ''Core Command'' The opposed check winner may execute 1 of the target computer’s core commands. This command may not initiate a system purge, power the machine down, or change the network structure to lock another user out. Each time this Advantage is chosen beyond the first during the same round, the opposed check winner may execute 1 additional core command. ''Elude'' The Power Rating of any Trace software targeting the opposed check winner decreases by 3 until the end of the following Conflict round. Each time this Advantage is chosen beyond the first during the same round, this benefit lasts for 1 additional Conflict round. This Advantage may not reduce the Power Rating of any Trace software by more than 3, even if it is gained again while it’s still active. ''Extract File'' The opposed check winner may extract 1 file of his choice from 1 opponent’s target computer. Every 2 times this Advantage is chosen beyond the first during the same round, the opposed check winner may extract 1 additional file. This Advantage assumes the user knows the name and location of the desired file; if he doesn’t, an Investigation/Research check is required. If this Research or the file transfer takes longer than the current Conflict round, it inflicts a –4 penalty with the hacking opposed check during each round it persists. ''Lead'' The Lead is adjusted by 1 in the opposed check winner’s favor. Every 2 times this Advantage is chosen beyond the first during the same round, the Lead is adjusted by an additional 1 in the opposed check winner’s favor. ''Pause'' The hack is “put on hold.” The Lead remains the same and no steps are resolved during the following Conflict round. Each time this Advantage is chosen beyond the first during the same round, the hacking attempt is paused for 1 additional round. The action continues during this time (i.e. the participants continue to test one another), but no one — including the opposed check winner — makes any progress. ''Probe'' The opposed check winner momentarily punches through or reinforces security using advanced software and a healthy dose of guesswork. One opponent of his choice must make a Computers (Int) check (DC 10 + (the Power Rating of the opposed check winner’s Probe software × 5)). This check possesses the Concentration, Hands-On, and Vision tags. Each time this Advantage is chosen beyond the first during the same round, this DC increases by 5. With success, this action reveals nothing. With failure, the opposed check winner may immediately execute 1 core command. The chosen opponent may skip this skill check, but the Lead shifts by 2 in the opposed check winner’s favor as the opponent recovers. ''Seize Control'' The opposed check winner may prompt the target computer to run or stop 1 program of his choice, usually a virus (see page 227). This program must be stored on either the opposed check winner’s computer or the target computer. Alternately, the opposed check winner may seize control of 1 device controlled by the target computer. This control lasts until Step 2 of the following Conflict round. Each time this Advantage is chosen beyond the first during the same round, the opposed check winner gains control of 1 program or device. ''Silhouette'' The Prey may either eliminate one of the Predator’s back doors (shaking his code out of the system), or establish a profile silhouette of the Prey. Each silhouette grants a cumulative +1 bonus with all hacking opposed skill checks against the target Predator until the end of the current mission. ''Stress'' Each participant except the opposed check winner suffers 1d4 stress damage. Each time this Advantage is chosen beyond the first during the same round, this damage increases by +1d4. No character may recover from this damage until the hacking attempt ends. ''Trace'' The opposed check winner may attempt to trace signal traffic to determine another participant’s physical location. One opponent of the opposed check winner’s choice must make a Computers (Int) check (DC 10 + (the Power Rating of the opposed check winner’s Trace software × 5). This check possesses the Concentration, Hands-On, and Vision tags. Each time this Advantage is chosen beyond the first during the same round, this DC increases by 5. With success, the trace reveals nothing. With failure, the opposed check winner determines the target’s current location, and if he is the Prey, may immediately end the Dramatic Conflict in his favor. This is also sufficient information to prompt a manhunt. The chosen opponent may skip this skill check, but the Lead shifts by 2 in the opposed check winner’s favor as the opponent recovers. ''Victory'' The hacking attempt ends in the opposed check winner’s favor. Ending a Hack If the Predator wins (i.e. the Lead decreases to 0 or less, or the hack otherwise ends in the Predator’s favor), he gains complete control over the target system and may perform core commands at will. If the original Prey wishes to regain control of the system, he must launch a hack against the system with the original Predator as the new Prey. If the Prey wins (i.e. the Lead increases to 10 or more, the Prey successfully traces the Predator, or the hack otherwise ends in the Prey’s favor), he locks the Predator out. The Predator may not attempt to hack the same system again for the duration of the current mission. Core Commands A computer’s core commands are actions that legitimate users may perform without a Computers check. Some legitimate users are limited to certain core commands, or certain files or parts of the system, by those with higher access. An invader who successfully hacks the system has no limitations, and can use any of the target computer’s core commands at will. The time required to perform each core command is listed in parentheses before its description. Core Command Descriptions ''Alter/Delete Records'' (Per Falsify/Forgery) Changing or deleting files is simple. Doing so in a manner that isn’t obvious requires a Falsify/Forgery check. ''Authorize/Restrict User'' (1 full action) This core command may grant any person whose computer links to the system access to any core commands possessed by the acting user. It may also do the opposite, preventing any person from using any core command possessed by the acting user. ''Change Network Structure'' (1 full action) This core command may add or sever a link between the system and any other computer or device. ''Delete Program'' (1 full action) This core command erases 1 file or program from the system. ''Execute Program'' (1 full action) This core command activates 1 program resident in the system. ''Extract File'' (Varies) This core command transfers 1 file to another system, a process requiring a number of full rounds equal to the file’s Complexity DC divided by the lowest Power Rating possessed by either computer involved (rounded down, minimum 1 full round). When a file’s Complexity DC isn’t known, the GC assigns one ranging from 10 (simplest possible) to 60 (most complex possible). If the user doesn’t know the name and location of the desired file, he must make an Investigation/Research check before executing this core command. If this Research or the file transfer occurs during a hack and takes longer than the current Conflict round, it inflicts a –4 penalty with the hacking opposed check during each round it persists. ''Initiate System Purge'' (Varies) This core command cleanses the system of foreign programming, including viruses and back doors, a process requiring 1 full minute + 1 additional minute per foreign program in the system whose Power Rating exceeds that of the system. ''Power Down'' (1 full action) This core command turns the computer off without physically interrupting its power supply. ''Search System'' (Varies) A character may only search a system for a specific item (e.g. a known application) or using specific parameters (e.g. a fragment of a known file name). Digging through an entire system for “items of interest” is handled with the View File command (this process is likely to take hours, if not days, depending on the size of the system). Another important distinction is that while the Search System command operates like an Investigation/Research check, the computer is doing the heavily lifting for the character and is understandably drone-like and meticulous in its approach. Each use of the Search System command requires 1 full action to begin and the process takes the amount of time listed on Table 2.33: Research Checks. No skill check is required for this command — if the information is located in the target system and falls within the command parameters, it is automatically found at the conclusion of the search. The Search System command may only be used to look through a single computer system; even when a computer is connected to a larger network or the Internet, this command must be used separately for each individual system that the character wishes to search for information. ''Upload Program'' (Varies) This core command installs 1 program into the system, a process requiring a number of full rounds equal to the program’s Complexity DC divided by the lowest Power Rating possessed by either computer involved (rounded down, minimum 1 full round). ''Use Peripheral'' (Per Device Use) This core command allows the user to manipulate 1 device controlled by the system. If this requires a separate skill check, the user suffers a –4 penalty for remote operation. ''View File'' (Varies) Calling a file up requires the character to know its name and location. This core command takes 1 half action. During each full round, a character may read 1 full page of text + 1 additional full page of text per point of both Intelligence and Wisdom above 10 (e.g. an Intelligence score of 11 and a Wisdom score of 10 produces no additional effect, but an Intelligence score of 15 and a Wisdom of 12 allows the character to read 3 full pages of text per round). This core command does not prevent other users from opening or viewing the file. Category: Dramatic Conflict Rules